c9e24433d8
- agent: fix container stop error with signal SIGRTMIN+3 - doc: Improve kata-deploy README.md by changing sh blocks to bash blocks - docs: Remove kata-proxy reference - kata-monitor: fix duplicated output when printing usage - Stop getting OOM events from agent for "ttrpc closed" error - tools/packaging: Fix error path in `kata-deploy-binaries.sh -s` - kata-deploy: fix version bump from -rc to stable - release: Include all the rust vendored code into the vendored tarball - docs: Remove VPP documentation - runtime: Remove the explicit VirtioMem set and fix the comment - tools/packaging/kata-deploy: Copy install_yq.sh before starting parallel builds - docs: Remove kata-proxy references in documentation - agent: Signal the whole process group - osbuilder/qat: don't pull kata sources if exist - docs: fix markdown issues in how-to-run-docker-with-kata.md - osbuilder/qat: use centos as base OS - docs: Update vcpu handling document - Agent: fix unneeded late initialization lint - static-build,clh: Add the ability to build from a PR - Don't use a globally installed mock hook for hook tests - ci: Weekly check whether the docs url is alive - Multistrap Ubuntu & enable cross-building guest - device: using const strings for block-driver option instead of hard coding - doc: update Intel SGX use cases document - tools: update QEMU to 6.2 - action: Update link for format patch documentation - runtime: properly handle ESRCH error when signaling container - docs: Update k8s documentation - rustjail: optimization, merged several writelns into one - doc: fix kata-deploy README typo - versions: Upgrade to Cloud Hypervisor v22.1 - Add debug and self-test control options to Kata Manager - scripts: Change here document delimiters - agent: add tests for get_memory_info function - CI: Update GHA secret name - tools: release: Do not consider release candidates as stable releases - kernel: fix cve-2022-0847 - docs: Update contact link in runtime README - Improve error checking of hugepage allocation - CI: Create GHA to add PR sizing label - release: Revert kata-deploy changes after 2.4.0-rc0 release2b91dcfedocs: Remove kata-proxy reference0d765bd0agent: fix container stop error with signal SIGRTMIN+3a63bbf97kata-monitor: fix duplicated output when printing usage9e4ca0c4doc: Improve kata-deploy README.md by changing sh blocks to bash blocksa779e19btools/packaging: Fix error path in 'kata-deploy-binaries.sh -s'0baebd2btools/packaging: Fix usage of kata-deploy-binaries.sh3606923aworkflows,release: Ship *all* the rust vendored code2eb07455tools: Add a generate_vendor.sh script5e1c30d4runtime: add logs around sandbox monitorfb8be961runtime: stop getting OOM events when ttrpc: closed error93d03cc0kata-deploy: fix version bump from -rc to stablea9314023docs: Remove kata-proxy references in documentation66f05c5bruntime: Remove the explicit VirtioMem set and fix the comment0928eb9fagent: Kill the all the container processes of the same cgroupc2796327osbuilder/qat: don't pull kata sources if exist154c8b03tools/packaging/kata-deploy: Copy install_yq.sh in a dedicated script1ed7da8fpackaging: Eliminate TTY_OPT and NO_TTY variables in kata-deploybad859d2tools/packaging/kata-deploy/local-build: Add build to gitignore19f372b5runtime: Add more debug logs for container io stream copy459f4bfeosbuilder/qat: use centos as base OS9a5b4770docs: Update vcpu handling documentecf71d6ddocs: Remove VPP documentationc77e34deruntime: Move mock hook source86723b51virtcontainers: Remove unused install/uninstall targets0e83c95fvirtcontainers: Run mock hook from build tree rather than system bin dir77434864docs: fix markdown issues in how-to-run-docker-with-kata.md32131cb8Agent: fix unneeded late initialization linte65db838virtcontainers: Remove VC_BIN_DIRc20ad283virtcontainers: Remove unused Makefile definesc776bdf4virtcontainers: Remove unused parameter from go-test.shebec6903static-build,clh: Add the ability to build from a PR24b29310doc: update Intel SGX use cases document18d4d7fbtools: update QEMU to 6.262351637action: Update link for format patch documentationaa5ae6b1runtime: Properly handle ESRCH error when signaling containerefa19c41device: use const strings for block-driver option instead of hard codingdacf6e39doc: fix filename typo92ce5e2drustjail: optimization, merged several writelns into one7a18e32fversions: Upgrade to Cloud Hypervisor v22.15c434270docs: Update k8s documentation5d6d39bescripts: Change here document delimitersbe12baf3manager: Change here documents to use standard delimiter9576a7damanager: Add options to change self test behaviourd4d65bedmanager: Add option to enable component debug019da91dmanager: Whitespace fixd234cb76manager: Create containerd linkc088a3f3agent: add tests for get_memory_info function4b1e2f52CI: Update GHA secret nameffdf961adocs: Update contact link in runtime README5ec7592dkernel: fix cve-2022-08476a850899CI: Create GHA to add PR sizing label2b41d275release: Revert kata-deploy changes after 2.4.0-rc0 release4adf93eftools: release: Do not consider release candidates as stable releases72f7e9e3osbuilder: Multistrap Ubuntudf511bf1packaging: Enable cross-building agent0a313edaosbuilder: Fix use of LIBC in rootfs.sh2c86b956osbuilder: Simplify Rust installation0072cc2bosbuilder: Remove musl installations5c3e5536osbuilder: apk add --no-cache42e35505agent: Verify that we allocated as many hugepages as we need608e003aagent: Don't attempt to create directories for hugepage configuration168fadf1ci: Weekly check whether the docs url is alive Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Kata Containers
Welcome to Kata Containers!
This repository is the home of the Kata Containers code for the 2.0 and newer releases.
If you want to learn about Kata Containers, visit the main Kata Containers website.
Introduction
Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
License
The code is licensed under the Apache 2.0 license. See the license file for further details.
Platform support
Kata Containers currently runs on 64-bit systems supporting the following technologies:
| Architecture | Virtualization technology |
|---|---|
x86_64, amd64 |
Intel VT-x, AMD SVM |
aarch64 ("arm64") |
ARM Hyp |
ppc64le |
IBM Power |
s390x |
IBM Z & LinuxONE SIE |
Hardware requirements
The Kata Containers runtime provides a command to determine if your host system is capable of running and creating a Kata Container:
$ kata-runtime check
Notes:
This command runs a number of checks including connecting to the network to determine if a newer release of Kata Containers is available on GitHub. If you do not wish this to check to run, add the
--no-network-checksoption.By default, only a brief success / failure message is printed. If more details are needed, the
--verboseflag can be used to display the list of all the checks performed.If the command is run as the
rootuser additional checks are run (including checking if another incompatible hypervisor is running). When running asroot, network checks are automatically disabled.
Getting started
See the installation documentation.
Documentation
See the official documentation including:
Configuration
Kata Containers uses a single configuration file which contains a number of sections for various parts of the Kata Containers system including the runtime, the agent and the hypervisor.
Hypervisors
See the hypervisors document and the Hypervisor specific configuration details.
Community
To learn more about the project, its community and governance, see the community repository. This is the first place to go if you wish to contribute to the project.
Getting help
See the community section for ways to contact us.
Raising issues
Please raise an issue in this repository.
Note: If you are reporting a security issue, please follow the vulnerability reporting process
Developers
See the developer guide.
Components
Main components
The table below lists the core parts of the project:
| Component | Type | Description |
|---|---|---|
| runtime | core | Main component run by a container manager and providing a containerd shimv2 runtime implementation. |
| agent | core | Management process running inside the virtual machine / POD that sets up the container environment. |
| documentation | documentation | Documentation common to all components (such as design and install documentation). |
| tests | tests | Excludes unit tests which live with the main code. |
Additional components
The table below lists the remaining parts of the project:
| Component | Type | Description |
|---|---|---|
| packaging | infrastructure | Scripts and metadata for producing packaged binaries (components, hypervisors, kernel and rootfs). |
| kernel | kernel | Linux kernel used by the hypervisor to boot the guest image. Patches are stored here. |
| osbuilder | infrastructure | Tool to create "mini O/S" rootfs and initrd images and kernel for the hypervisor. |
agent-ctl |
utility | Tool that provides low-level access for testing the agent. |
trace-forwarder |
utility | Agent tracing helper. |
ci |
CI | Continuous Integration configuration files and scripts. |
katacontainers.io |
Source for the katacontainers.io site. |
Packaging and releases
Kata Containers is now available natively for most distributions. However, packaging scripts and metadata are still used to generate snap and GitHub releases. See the components section for further details.
Glossary of Terms
See the glossary of terms related to Kata Containers.